Vim encryption , encrypting with vim and blowfish.

I am always on the search for the other ways to encrypt my documents on a server. I’ve used gpg keys, gpg symetric encryption, but this one seems to fit the bill the best. Encrypting with vim is a very painless process, it does take some setup, but not much, I promise.

The first thing I do is to setup an alias in my .bashrc file. I alias the following :

alias vime=”vim -u ~/.vimencrypt -x ″

vime is short for "vim encrypted", at least in my head WHEW! Step one finished, that was easy! ……hey, where is that “easy button” again ?

Next is to edit/and or/create a separate .vimrc just for this, and I name mine .vimencryptThis file will be in your home directory. ~/home/YOU/.vimencrypt It contains the following:

source ~/.vimrc
set nobackup
set noswapfile
set nowritebackup
set cm=blowfish

Note: Since Vim 7.3 (2010-08-15)(and newer), vim can now use Blowfish encryption. If your using an older vim -- remove the "set cm=blowfish" line. It will then default to crypt for encryption.

I know, very complicated right ? That’s it folks, you are now READY to use encryption with vim! Now, simply type "vime something.txt" and you’re on your way.

You will then see:

Enter encryption key:

Enter same key again:

If you entered the same key twice, then you should be presented with a normal vim interface.

If you use “vime” to encrypt the document the first time, it will stay encrypted. You can then just use vim normally to edit it endlessly (vim will ask for your password, you only have to use "vime" on the initial creation of the document), and it’s encrypted when you close it.

Now you will see VimCrypt~02……. when you cat your encrypted file, and it’s encrypted with blowfish, a MUCH MUCH stronger encryption than just “crypt” which can be broken fairly easily.

Re: Vim encryption , encrypting with vim and blowfish.

I don't really see your point here. Arch's default system-wide vim config (/usr/share/vim/vimfiles/archlinux.vim) is pretty minimal, and while I understand that backup and swap files may render the whole encryption useless, I don't think Arch's options have this effect.Also, if you'd be really consequent about this, you wouldn't source your own configuration in .vimencrypt.

Besides, isn't the whole point of encryption with vim that you can edit encrypted files easily... with your favorite text editor and settings?

Re: Vim encryption , encrypting with vim and blowfish.

My point was, with including /usr/share/vim/vimfiles/archlinux.vim ... your assuming the Arch Linux defaults will never change.

Most vim users I know, have their own defaults set in .vimrc (why it's included, obviously it wouldn't HAVE to be included). The .vimencrypt and vime are simply for encrypted files, and keeping them separated from .vimrc makes it easy to safely encrypt.

Re: Vim encryption , encrypting with vim and blowfish.

Digression With the paramter in the alias, vim tries to open two files (Two files to edit in the status line). I have 'set bell-style visible' in my .bashrc and when bash tries to parse the parameter it seems to choke and force vim into creating an additional file called bell-style. The original filename passed to vim fails and is not created...

Re: Vim encryption , encrypting with vim and blowfish.

You could just keep it as a function anyway. There's no reason why it has to be an alias (or a function, but if that's what you generally write, might as well stick to it). I've added it to mine as a function as I only use those, not aliases.

Thanks for the tip, anyway.

"...one cannot be angry when one looks at a penguin." - John Ruskin"Life in general is a bit shit, and so too is the internet. And that's all there is." - scepticisle

Re: Vim encryption , encrypting with vim and blowfish.

Nice method for encrytion! You should also add

set viminfo=

to your .vimencrypt file otherwise data from your encryted file can end up written in your .viminfo file. I'm not sure that you need to set noswapfile as I believe that the data passed to this file is still encrypted (but better safe than sorry).

Re: Vim encryption , encrypting with vim and blowfish.

I would add my 2, useful to me, cents. Using the above settings works fine for managing an encrypted file, but removing the -x option once the file has been encrypted removes the need to enter the password twice, which isn't a security benefit as the password cannot be changed by accident.

Also, I found that I need to add one line to my .vimEncrypt, if I want to have working Insert button, arrow keys during insert, delete etc. :autocmd BufReadPre,FileReadPre * set nocompatibleI don't know exactly how it works, I figure that nocompatible option that is automatically run on vim startup fixes a working directory problem or something.